I. Real Party in Interest (37 C.F.R. §41.37(c)(1)(i))

The real party in interest in the present appeal is Microsoft Corporation, the assignee of 
the present application. 

II. Related Appeals and Interferences (37 C.F.R. §41.37(c)(1)(ii))

Appellant, appellant's legal representative, and/or the assignee of the present application 
are not aware of any appeals or interferences which may be related to, will directly affect, or be
directly affected by or have a bearing on the Board's decision in the pending appeal. 

III. Status of Claims (37 C.F.R. §41.37(c)(1)(iii))

Claims 1-35 stand rejected by the Examiner. The rejection of claims 1-35 is being 
appealed. 

IV. Status of Amendments (37 C.F.R. §41.37(c)(1)(iv))

No claim amendments have been entered after the Final Office Action. 

V. Summary of Claimed Subject Matter (37 C.F.R. §41.37(c)(1)(v))

Independent Claim 1:

Independent claim 1 relates to a system to facilitate substantially secure communication 
of data from a user-level process. The system includes at least a first queue associated with the 
process. (See e.g., pg. 5, lns. 28-30). The process is operative to directly communicate a
message relative to the first queue. (See e.g., pg. 5, ln. 30 to pg. 6, ln. 3). The system also
includes a first communication context operative to communicate the message between the first
queue and a second communication context. (See e.g., pg. 6, lns. 7-10). The communication
between the first queue and the first communications context is controlled based on if an
appropriate association exists between the first queue and the first communications context. (See
e.g., pg. 7, lns. 1-4). The association between the first queue and the first communications
context is provided through a privileged operation not adjustable by the first process. (See e.g.,
pg. 7, lns. 4-5).

Independent Claim 14:

Independent claim 14 relates to a system that facilitates communication of data. The 
system includes a virtual hardware component at a first node operable to communicate a message 
received directly from an associated process. (See e.g., pg. 7, lns. 24-30). The system also
includes a first channel endpoint established at the first node, the first channel endpoint being
operative to communicate messages to a second channel endpoint residing at a second node.
(See e.g., pg. 8, lns. 22-26). Each of the virtual component and the first channel endpoint is
associated with a respective domain through a privileged operation at the first node. (See e.g.,
pg. 8, ln. 29 to pg. 9, ln. 3). Communication of messages between the virtual component and the
first channel endpoint is controlled based on validation of the respective domains for the virtual
component and the first channel endpoint. (See e.g., pg. 9, lns. 4-12).

Independent Claim 22: 

Independent claim 22 relates to a system to facilitate communication of data. The system 
includes storage means for receiving a message provided directly from a user-level process. (See 
e.g., pg. 5, lns. 28-30). Also included is a communication means associated with the storage
means. (See e.g., pg. 6, lns. 4-6). Upon validation of a domain association between the storage
means and the communication means, the communication means sends the stored request to a
corresponding communication means at another node in the system. (See e.g., pg. 7, lns. 1-5).
The system further includes a validation means for validating the association between the storage
means and the communication means. (See e.g., pg. 7, lns. 13-15 and 17-21). The storage
means and the communication means are associated in a privileged operation not adjustable by
user-level processes. (See pg. 7, lns. 4-5).

Independent Claim 23: 

Independent claim 23 relates to a system to facilitate communication of data. The system 
includes a virtual storage means at a first node for storing a message for direct communication 
relative to a user-level process. (See e.g., pg. 7, lns. 24-30). The system also includes an
endpoint communication means at the first node for means for, upon determining a common
domain membership for the storage means and the endpoint communication means, enabling
communication between the virtual storage means and the endpoint communication means. (See
e.g., pg. 8, lns. 22-26). A control means for independently controlling domain membership for
each of the virtual storage means and the endpoint communication means is included in the
system. (See e.g., pgs. 8, ln. 29 to pg. 9, ln. 12).

Independent Claim 26: 

Independent claim 26 relates to a computer-readable medium having computer-executable
instructions. In a privileged mode, the computer-readable medium sets domain
membership for a queue of a first node and domain membership for a communication component
of the first node. (See e.g., pg. 7, lns. 1-5). The communication component of the first node is
operable to communicate messages with a corresponding communication component at a second
node. (See e.g., pg. 8, lns. 22-26). The domain membership is inaccessible by user-level
processes. (See e.g., pg. 7, lns. 4-5). The queue is mapped into memory of an associated
user-level process at the first node, such that the user-level process can communicate directly with the
queue. (See e.g., pg. 13, lns. 9-15). The computer-readable medium further controls
communication of message between the queue and the communication component based on the
domain membership set for each of the queue and the communication component. (See e.g.,
pg. 13, lns. 16-18).

Independent Claim 29: 

Independent claim 29 relates to a method to facilitate communication in a system
architecture in which a process is operative to communicate a message directly with a storage
component coupled to at least one local communications component in a node for
communicating the message for receipt by a second communications component. The method
includes associating the storage component with a domain for temporarily storing the message
and associating the local communications component with a domain. (See e.g., pg. 21, ln. 28 to
pg. 22, ln. 3). Also included is controlling communication of a message between the storage
component and the local communications component based on the domain of the storage
component and the domain of the local communications component. (See e.g., pg. 22, lns. 16-17).

VI. Grounds of Rejection to be Reviewed (37 C.F.R. §41.37(c)(1)(vi))

A. Whether claims 1-35 are unpatentable under 35 U.S.C. §102(e) over Bruno, et al.
(U.S. Patent No. 6,604,123). 

VII. Argument (37 C.F.R. §41.37(c)(1)(vii))

A. Rejection of Claims 1-35 Under 35 U.S.C. §102(e)

Claims 1-35 stand rejected as anticipated by 35 U.S.C. §102(e) over Bruno, et al (U.S. 
Patent No. 6,604,123). This rejection should be withdrawn for the following reasons. Bruno et 
al does not teach or suggest all limitations recited in the subject claims. 

"A claim is anticipated only if each and every element as set forth 
in the claim is found, either expressly or inherently described in a 
single prior art reference." Verdegaal Bros. v. Union Oil Co. of 
California, 814 F.2d 628, 631, 2 USPQ 2d 1051, 1053 (Fed. Cir.
1987). "The identical invention must be shown in as complete
detail as is contained in the ... claim." Richardson v. Suzuki Motor
Co., 868 F.2d 1226, 9 USPQ 2d 1913, 1920 (Fed. Cir. 1989). 

Independent claim 1:

Independent claim 1 (and its corresponding dependent claims) recites a system to 
facilitate substantially secure communication of data from a user-level process ... wherein 
communication between a first queue and a first communication context is controlled based on 
whether an appropriate association exists between the first queue and the first communication 
context, the association between the first queue and the first communication context being 
provided through a privileged operation not adjustable by the user-level process. The 
association determines which queue may utilize which communication context and without a 
proper association, communication between the queue and communication context is prevented. 
The association isolates communication channels in different domains, for example, thereby 
enhancing integrity of the communication. Bruno, et al. does not expressly or inherently 
describe such novel features. 

Bruno, et al discloses transfer of control between computer system protection domains.
A server, located in a user-level, registers with the system thereby allowing client application to 
use the server. Registering the server is performed in the user-level by user-level processes, 
namely, server, portal manager, client application, and name server. The portal manager 
associates an identifier "F with a portal specification and returns the identifier to the server and a 
specific portal defining the transfer of control is established by the user-level processes. If 
access to the server is approved, name server returns server identification "F to the client 
application. The portal manager creates portal code in the nucleus (privileged operation) by
finding an available location (e) in a portal table associated with the client application and 
inserting a pointer to the portal code at location (e) and returns (e) to the client application. 

Thus, Bruno, et al. clearly discloses associating a first queue and a first communication
context are adjusted by user-level processes. The look up is performed in the nucleus but such
look up is adjustable by the user-level processes. Therefore, Bruno does not teach or suggest all 
claim limitations. 

Independent claim 14: 

Independent claim 14 (and its corresponding dependent claims) recites a system to 
facilitate communication of data comprising a virtual hardware component ... and a first 
channel endpoint ... associated with a respective domain through a privileged operation. The 
association with a domain determines if the virtual component and first channel endpoint can 
communicate with each other, and, if there is not a proper association, communication is 
prevented. Bruno merely discloses associating a first queue and a first communication context
through user-level processes. Specifically, the association is performed by a server, portal 
manager, client application, and name server, all in the user-level. Therefore, Bruno does not 
teach or suggest all claim limitations. 

Independent claim 22: 

Independent claim 22 recites a system to facilitate communication of data comprising ...
a storage means and a communication means associated in a privileged operation not
adjustable by user-level processes. The storage means and communication means are associated
to either allow or prohibit communication. Bruno does not disclose such features but rather
discusses control transfer between computer system protection domains. The association of
Bruno et al is performed by user-level processes, and is thus adjustable by such user-level 
processes. Bruno et al is silent regarding an association in a privileged operation that is not 
adjustable by user-level processes because Bruno et al. relies upon the user-level processes to 
perform the association. 

Independent claim 23:

Independent claim 23 (and its corresponding dependent claims) recites a system to 
facilitate communication of data comprising a virtual storage means and endpoint 
communication means ... and control means for independently controlling domain membership
for each of the virtual storage means and the endpoint communications means. Such control 
means includes a privileged operation as disclosed in Applicant's specification. Bruno et al 
does not teach or suggest such features and merely discloses user-level processes that associate a 
first queue and a first communication context. 

Independent claim 26: 

Independent claim 26 (and its corresponding dependent claims) recites a computer-readable
medium having computer-executable instruction for in a privileged mode, setting
domain membership for a queue of a first node and setting domain membership for a 
communication component of the first node... The domain membership allows communication 
between a queue and a communication component that belong to the same domain membership. 
Bruno clearly does not disclose a privileged mode process setting a domain membership but 
rather discloses the membership being performed by user-level processes, namely server, portal 
manager, client application, and name server. 

Independent claim 29:

Independent claim 29 (and its corresponding dependent claims) recites a method to 
facilitate communication in a system architecture ... comprising associating a storage 
component with a domain ... associating a local communications component with a domain, 
and controlling communication of a message between the storage component and the local 
communications component based on the domain of the storage component and the domain of 
the local communications component. Associating a storage component with a domain is
performed by a privileged operation as discussed in applicant's specification. Bruno et al., on
the other hand, discloses an association performed by user-level processes. While a look up is
performed in a privileged level, the association is performed by the user-level processes.

07/018/2005 17:39 FAX 216 696 8731 AMIN, & TUROCY LLP.
09/772,231 MS155741.01/MSFTP186US
PAGE 7/17 * RCVD AT 7/6/2005 6:43:03 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/3 * DNIS:8729306 * CSID:216 696 8731 * DURATION (mm-ss):05-22

B. Conclusion 

For at least the above reasons, the claims currently under consideration are believed to be 
patentable over the cited references. Accordingly, it is respectfully requested that the rejection of 
claims 1-35 be reversed. 

If any additional fees are due in connection with this document, the Commissioner is 
authorized to charge those fees to Deposit Account No. 50-1063 [MSFTP186US].



Respectfully submitted,
AMIN & TUROCY, LLP 




Himanshu S. Amin 
Reg. No. 40,894 



Amin & Turocy, LLP
24th Floor, National City Center
1900 East 9th Street
Telephone: (216)696-8730 
Facsimile: (216)696-8731 

VIII. Claims Appendix (37 C.F.R. §41.37(c)(1)(viii))

1. A system to facilitate substantially secure communication of data from a user-level 
process, comprising: 

at least a first queue associated with the process, such that the process is operative to 
directly communicate a message relative to the first queue; and 

a first communication context operative to communicate the message between the first 
queue and a second communication context; 

wherein communication between the first queue and the first communications context is 
controlled based on whether an appropriate association exists between the first queue and the 
first communications context, the association between the first queue and the first 
communications context being provided through a privileged operation not adjustable by the 
user-level process. 

2. The system of claim 1, wherein the first queue and the first communication context reside
at a first node that is different from that of the second communication context. 

3. The system of claim 2, further comprising an interface at the first node operative to 
validate messages communicated from the first queue to the first communication context. 

4. The system of claim 3, wherein the interface is operative to prevent messages from being 
communicated from the first queue to the first communication context if an association mismatch 
exists between the first queue and the first communication context.

5. The system of claim 2, wherein the appropriate association between the first queue and
the first communication context requires membership to a common domain. 

6. The system of claim 5, further comprising a second queue associated with a second 
process at the first node, such that the second process is operative to directly communicate a 
message to the second queue. 

7. The system of claim 6, wherein the second queue is associated with the common domain
through a privileged operation, such that the first and second queues can share the first 
communication context to communicate messages through a channel defined by the first 
communication context and the second communication context, each of the first and second 
queues being operative to communicate messages with at least one process at a node where the 
second communication context resides. 

8. The system of claim 7, wherein the first process further comprises a process operating in 
a user mode and the second process comprises a process operating in a user mode. 

9. The system of claim 6, further including a third communication context associated with
the second queue through a privileged operation at the first node, the third communication 
context enabling communication between the third communication context and a fourth 
communication context that resides a node different from the first node. 

10. The system of claim 9, wherein the common domain is a first domain, the association
between the second queue and the third communication context corresponding to a second 
domain that is different from the first domain, wherein each communication channel established 
in the second domain is isolated from each channel established in the first domain. 

11. The system of claim 1, wherein the first queue and the first communication context reside
at a first node that is different from a second node at which the second communication context 
resides, the system further comprising a third communication context at the first node to enable 
communication of messages between the third communication context and a fourth 
communication context that resides at a third node that is different from the first node. 

12. The system of claim 11, wherein the first queue is associated with the third
communication context through a privileged operation, such that the first process is operative to 
communicate the message over a communication channel established between the third 
communication context and a fourth communication context that resides at the third node, which 
is different from the second node. 

13. The system of claim 11, wherein the first queue and the first communication context are
associated so as to be part of a first domain, the system further comprising a second queue is 
associated with a second process, the second queue being associated with a third communication 
context so as to be part of second domain that is isolated relative to the first domain. 

14. A system to facilitate communication of data, comprising: 

a virtual hardware component at a first node operable to communicate a message 
received directly from an associated process; and 

a first channel endpoint established at the first node, the first channel endpoint being 
operative to communicate messages to a second channel endpoint residing at a second node; 

wherein each of the virtual component and the first channel endpoint is associated with a 
respective domain through a privileged operation at the first node, communication of messages 
between the virtual component and the first channel endpoint being controlled based on 
validation of the respective domains for the virtual component and the first channel endpoint. 

15. The system of claim 14, wherein hardware at the first node is operative to prevent
messages from being sent between the virtual component and the first channel endpoint in 
response to detecting an invalid association between the virtual component and the first channel 
endpoint. 

16. The system of claim 14, wherein the virtual component is a first virtual component, the 
system further comprising a second virtual hardware component operative to communicate a 
message directly with an associated process at the first node. 

17. The system of claim 16, wherein the second virtual hardware component and the first 
virtual hardware component are members of a common domain, domain membership being 
assigned through a privileged operation not adjustable by the first or second process, wherein the 
first and second virtual components are operative to share the first channel endpoint of the first 
node, such that each of the first and second processes can communicate messages with at least 
one process at the second node. 

18. The system of claim 14, further including a third channel endpoint at the first node, the
third channel endpoint being operative to communicate messages with a fourth channel endpoint 
that resides at a node different from the first node. 

19. The system of claim 18, wherein the virtual component is a first virtual hardware
component, the system further comprising a second virtual hardware component at the first node 
that is associated with the third channel endpoint through a privileged operation at the first node. 

20. The system of claim 19, wherein each of the first and third channel endpoints belongs to
different domains, such that each communication channel established between associated 
channel endpoints in one of the domains is isolated from each communication channel 
established between associated channel endpoints in each other of the domains. 

21. The system of claim 19, wherein each of the first and third channel endpoints belongs to
a common domain, such that each of the first and second processes at the first node is operative 
to share first and third channel endpoints to respectively communicate a message with at least 
one process at the second and third nodes based on data in the respective message. 

22. A system to facilitate communication of data, comprising: 

storage means for receiving a message provided directly from a user-level process; 

communication means associated with the storage means for, upon validation of a 
domain association between the storage means and the communication means, sending the stored 
request to a corresponding communication means at another node in the system; and 

validation means for validating the association between the storage means and the 
communication means, the storage means and the communication means being associated in a 
privileged operation not adjustable by user-level processes. 

23. A system to facilitate communication of data, comprising:

virtual storage means at a first node for storing a message for direct communication 
relative to a user-level process;

endpoint communication means at the first node for means for, upon determining a 
common domain membership for the storage means and the endpoint communication means, 
enabling communication between the virtual storage means and the endpoint communication 
means; and 

control means for independently controlling domain membership for each of the virtual 
storage means and the endpoint communication means. 

24. The system of claim 23, wherein the endpoint communication means further includes 
means for preventing communication of messages between the virtual storage means and the 
endpoint communication means in the absence of a common domain membership among virtual 
storage means and the endpoint communication means. 

25. The system of claim 23, wherein the endpoint communication means further includes 
means for permitting communication of messages between the virtual storage means and the
endpoint communication means when common domain membership exists among virtual storage 
means and the endpoint communication means. 

26. A computer-readable medium having computer-executable instructions for:

in a privileged mode, setting domain membership for a queue of a first node and setting 
domain membership for a communication component of the first node, the communication 
component of the first node being operable to communicate messages with a corresponding 
communication component at a second node, the domain membership being inaccessible by 
user-level processes, the queue being mapped into memory of an associated user-level process at 
the first node, such that the user-level process can communicate directly with the queue; and 

controlling communication of message between the queue and the communication 
component based on the domain membership set for each of the queue and the communication 
component. 

27. The computer-readable medium of claim 26 having further computer-executable
instructions for providing an error message to the associated user-level process if the domain 
membership between the queue and the communication component is invalid. 

28. The computer-readable medium of claim 26 having further computer-executable 
instructions for analyzing the message to identify which of a plurality of communication contexts 
is designated and validating domain membership between the queue and the designated 
communication context to control communication of the message between the queue and the 
designated communication context. 

29. A method to facilitate communication in a system architecture in which a process is 
operative to communicate a message directly with a storage component coupled to at least one 
local communications component in a node for communicating the message for receipt by a 
second communications component, the method comprising: 

associating the storage component with a domain for temporarily storing the message; 

associating the local communications component with a domain; and 

controlling communication of a message between the storage component and the local
communications component based on the domain of the storage component and the domain of
the local communications component.

30. The method of claim 29, wherein the domain for the storage component and the domain 
for the association of the local communications component are implemented independently in 
privileged operation not adjustable by the user-level process. 

31. The method of claim 30, wherein the controlling further comprises validating the domain 
of the storage component relative the domain of the local communication component. 

32. The method of claim 31, further comprising preventing communication of the message
from the storage component to the communication component in the absence of a match between 
the domain of the storage component and the domain of the communication component. 




33. The method of claim 32, further comprising generating an error message in the absence 
of a match between the domain of the at least part of the storage component and the domain of 
the communication component.

34. The method of claim 32, further comprising sending the message from the storage 
component to the communication component in response to a valid association existing between 
the domain of the storage component and the domain of the communication component.

35. The method of claim 30, further comprising discerning from the message which of at
least one of a plurality of communication components is designated and validating association 
between the storage component and each designated communication component to control 
communication of the message between the storage component and each designated 
communication component. 

IX. Evidence Appendix (37 C.F.R. §41.37(c)(1)(ix))
None. 

X. Related Proceedings Appendix (37 C.F.R. §41.37(c)(1)(x))
None. 